<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" 
	  xmlns:th="http://www.thymeleaf.org"
	  xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout"
	  xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity3"
      layout:decorator="layout">
      
      <head>
        <title>User Home</title>
    </head>
    <body>
    	<div layout:fragment="content">
	        <p>Welcome <span sec:authentication="principal.username">User</span></p>
	        <p><a th:href="@{/logout}">Logout</a></p>
	        
	        <div sec:authorize="hasRole('ROLE_ADMIN')">
	        	<h3>You will see this only if you are ADMIN</h3>
	        	<p><a th:href="@{/admin/home}">Admin Home</a></p>
	        </div>
	        <h3>Form with CSRF Token</h3>
	        <form th:action="@{/messages}" method="post">
	        	<textarea name="content" cols="50" rows="5"></textarea>
	        	<input type="submit" value="Submit"/>
	        </form>
	        
	        <h3>Form without CSRF Token</h3>
	        <form action="/messages" method="post">
	        	<textarea name="content" cols="50" rows="5"></textarea>
	        	<input type="submit" value="Submit"/>
	        </form>
	        
	        <div>
	        	<h3>Messages</h3>
	        	<p th:each="msg: ${msgs}" th:text="${msg.content}"></p>
	        </div>
    	</div>
    	
    </body>
    
</html>